CLAIMS 

1. Apparatus for empirically adjusting access to a database, 
said apparatus comprising: 

coupled to the database, a database discovery module 
for determining database structure and authorized 
accesses to the database; 

coupled to the database, a command monitoring module 
for monitoring actual accesses to the database; and 

coupled to the database discovery module and to the 
command monitoring module, an analysis module for 
comparing actual accesses with authorized accesses. 

2. Apparatus of claim 1 further comprising, coupled to the 
database discovery module and to the analysis module, a storage 
area for accumulating data generated by the command monitoring 
module.

3. Apparatus of claim 1 wherein the command monitoring
module is a sniffer. 

4. Apparatus of claim 1 wherein the database is a relational 
database accessed by a structured query language. 

5. A method for empirically adjusting access to a database, 
said method comprising the steps of:

discovering authorized accesses to the database; 

observing actual accesses to the database; 

comparing actual accesses with authorized accesses; and 

adjusting authorized database accesses taking into
account results of the comparing step. 

6. The method of claim 5 further comprising the step of
generating at least one third party report based upon observing
actual accesses to the database.

7. The method of claim 5 wherein the adjusting step 
comprises offering to deny database access to operations by 
certain users on database tables and columns that were authorized 
but were not observed during the observing step. 

8. The method of claim 5 wherein the discovering step
uncovers any: 

tables of the database; 

columns of the database; 

authorized users of the database; 

views of the database; 

stored procedures of the database; 

user-defined functions of the database; and 

triggers of the database. 

9. The method of claim 5 wherein the adjusting step 
comprises at least one of: 

suggesting revised database access control settings to
a database administrator;

automatically hardening the database for all times of
day;

automatically hardening the database selectively based
on time of day;

alerting a database administrator; and

continuing to monitor accesses to the database after
conclusion of the observing step.

10. The method of claim 9 wherein the database is 
automatically hardened using standard SQL commands. 

11. The method of claim 9 wherein the database is 
automatically hardened using database specific application 
programming interfaces.

12. The method of claim 5 wherein the observing step has a
preselected duration.

13. The method of claim 5 wherein the observing step is
performed until a preselected quantity of actual accesses have 
been observed. 
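
A sketch of the observe, compare and adjust steps of claims 5, 7, 10 and 13, added here as an illustration and not taken from the patent. The `Access` tuple, the function names and the sample grants and events are constructed assumptions; exact REVOKE syntax varies between database products.

```python
from collections import namedtuple

# One privilege or one observed access; column=None means the whole table.
Access = namedtuple("Access", "user operation table column")
ALLOWED_OPS = {"SELECT", "INSERT", "UPDATE", "DELETE"}

def observe(events, max_events=None):
    """Observing step; optionally stop after a preselected quantity (claim 13)."""
    events = list(events)
    return set(events if max_events is None else events[:max_events])

def compare(authorized, observed):
    """Comparing step: (authorized but never observed, observed but not authorized)."""
    key = lambda a: (a.user, a.table, a.column or "", a.operation)
    return (sorted(authorized - observed, key=key),
            sorted(observed - authorized, key=key))

def quote(ident):
    """Quote an SQL identifier so discovered names cannot alter the statement."""
    return '"' + ident.replace('"', '""') + '"'

def revoke_statements(unused):
    """Adjusting step: REVOKE proposals for a DBA to review (claims 7 and 10)."""
    out = []
    for a in unused:
        if a.operation not in ALLOWED_OPS:
            raise ValueError(f"unexpected operation: {a.operation!r}")
        cols = f" ({quote(a.column)})" if a.column else ""
        out.append(f"REVOKE {a.operation}{cols} ON {quote(a.table)} FROM {quote(a.user)};")
    return out

# Constructed sample data: output of the discovery step and of the monitor.
AUTHORIZED = {
    Access("app_ro", "SELECT", "orders", "id"),
    Access("app_ro", "SELECT", "orders", "card_number"),
    Access("app_rw", "UPDATE", "orders", "status"),
    Access("app_rw", "DELETE", "orders", None),
}
EVENTS = [
    Access("app_ro", "SELECT", "orders", "id"),
    Access("app_rw", "UPDATE", "orders", "status"),
    Access("app_ro", "SELECT", "orders", "id"),
    Access("app_ro", "UPDATE", "orders", "status"),  # never granted: alert
]

if __name__ == "__main__":
    unused, unauthorized = compare(AUTHORIZED, observe(EVENTS))
    print("\n".join(revoke_statements(unused)))
    print("ALERT:", unauthorized)
```

A grant that goes unobserved may still be needed by infrequent jobs, so the statements are proposals for the database administrator rather than changes to apply blindly.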

14. A computer-readable medium containing computer program
instructions for empirically adjusting access to a database, said 
computer program instructions performing the steps of: 

discovering authorized accesses to the database;

observing actual accesses to the database;

comparing actual accesses with authorized accesses; and

adjusting authorized database accesses taking into
account results of the comparing step.

15. The computer-readable medium of claim 14 further
comprising the step of generating at least one third party report 
based upon observing actual accesses to the database. 

16. The computer-readable medium of claim 14 wherein the
adjusting step comprises offering to deny database access to 
operations by certain users on database tables and columns that 
were authorized but were not observed during the observing step. 

17. The computer-readable medium of claim 14 wherein the
discovering step uncovers any: 

tables of the database; 

columns of the database; 

authorized users of the database; 

views of the database; 

stored procedures of the database; 

user-defined functions of the database; and 

triggers of the database. 

18. The computer-readable medium of claim 14 wherein the
adjusting step comprises at least one of:

suggesting revised database access control settings to
a database administrator;

automatically hardening the database for all times of
day;

automatically hardening the database selectively based
on time of day;

alerting a database administrator; and

continuing to monitor accesses to the database after
conclusion of the observing step.

19. The computer-readable medium of claim 18 wherein the
database is automatically hardened using standard SQL commands.

20. The computer-readable medium of claim 18 wherein the
database is automatically hardened using database specific 
application programming interfaces. 

21. The computer-readable medium of claim 14 wherein the
observing step has a preselected duration.

22. The computer-readable medium of claim 14 wherein the
observing step is performed until a preselected quantity of
actual accesses have been observed.